Re: [6tisch-security] [Anima] [6lo] Comments needed for Security Bootstrapping of IEEE 802.15.4 based Internet of Things
Tero Kivinen <kivinen@iki.fi> Fri, 06 February 2015 10:19 UTC

Behcet Sarikaya writes:
> > For this uses the IKEv2 + EAP would be most likely quite good, i.e.
> > the IKEv2 frames would be exchanged between the peer joining the
> > network and its next hop router, and inside those IKEv2 frames there
> > would be EAP messages, which are then relayed to the AAA server (trust
> > center TC in draft-he-iot-security-bootstrapping-00) for actual
> > authentication.
>
> Did you consider 802.1X which does similar things?

Yes, but 802.1X is not enough on its own. It only provides
authentication, not key management. We currently have two 802.1X
versions, i.e. 802.1X/MKA and 802.1X/KEY, but there is going to be
some rewriting happening on those sections. In addition to those we
have IKEv2, HIP, PANA and Dragonfly.
--
kivinen@iki.fi